Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917E678/B897C582A19C11EB92A2DF29C4F9AE02/5BE68D46CF7611ED85A2E84EC4F9AE02.roa
File:                     5BE68D46CF7611ED85A2E84EC4F9AE02.roa (raw, json)
Hash identifier:          VvhvTMMvXBeqYgZfOoMB+UXmxIfdJwDgYKrDyaLLmc4=
Subject key identifier:   14:90:C1:E9:0E:55:F9:53:05:27:38:5E:27:08:6A:B1:35:66:79:A3
Certificate issuer:       /CN=A917E678/serialNumber=E243F3BE825569BB16ACB374BC98DABE690B17C1
Certificate serial:       0588
Authority key identifier: E2:43:F3:BE:82:55:69:BB:16:AC:B3:74:BC:98:DA:BE:69:0B:17:C1
Authority info access:    rsync://rpki.apnic.net/repository/B4A1BEA61D6611E2B2CD8B7C72FD1FF2/4kPzvoJVabsWrLN0vJjavmkLF8E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917E678/B897C582A19C11EB92A2DF29C4F9AE02/5BE68D46CF7611ED85A2E84EC4F9AE02.roa
Signing time:             Thu 18 Apr 2024 07:51:14 +0000
ROA not before:           Thu 18 Apr 2024 07:51:13 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     136907
IP address blocks:        189.1.192.0/18 maxlen: 18
                          189.1.192.0/20 maxlen: 20
                          189.1.208.0/20 maxlen: 20
                          189.1.224.0/20 maxlen: 20
                          189.1.240.0/20 maxlen: 20
                          189.28.96.0/20 maxlen: 20
                          189.28.112.0/20 maxlen: 20
                          190.92.248.0/24 maxlen: 24
                          190.92.249.0/24 maxlen: 24
                          190.92.250.0/24 maxlen: 24
                          190.92.251.0/24 maxlen: 24
                          190.92.252.0/24 maxlen: 24
                          190.92.253.0/24 maxlen: 24
                          190.92.254.0/24 maxlen: 24
                          201.77.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917E678/B897C582A19C11EB92A2DF29C4F9AE02/4kPzvoJVabsWrLN0vJjavmkLF8E.crl
                          rsync://rpki.apnic.net/member_repository/A917E678/B897C582A19C11EB92A2DF29C4F9AE02/4kPzvoJVabsWrLN0vJjavmkLF8E.mft
                          rsync://rpki.apnic.net/repository/B4A1BEA61D6611E2B2CD8B7C72FD1FF2/4kPzvoJVabsWrLN0vJjavmkLF8E.cer
                          rsync://rpki.apnic.net/repository/B4A1BEA61D6611E2B2CD8B7C72FD1FF2/lqhe9LjK9dTDWhV_ThJe5JS6-Tk.crl
                          rsync://rpki.apnic.net/repository/B4A1BEA61D6611E2B2CD8B7C72FD1FF2/lqhe9LjK9dTDWhV_ThJe5JS6-Tk.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/lqhe9LjK9dTDWhV_ThJe5JS6-Tk.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 May 2024 14:50:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1416 (0x588)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917E678/serialNumber=E243F3BE825569BB16ACB374BC98DABE690B17C1
        Validity
            Not Before: Apr 18 07:51:13 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=6620d0f1-5ce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:94:ed:2f:cc:21:2f:c4:3d:6c:ca:16:3f:18:
                    67:92:19:26:eb:66:a3:48:f9:ba:4c:bf:17:15:18:
                    60:dd:41:78:8f:e2:9e:fd:13:18:89:3f:1e:fb:06:
                    85:92:cf:67:0c:41:80:c0:8f:54:3f:d1:8e:ce:0c:
                    16:4d:ff:6b:c9:ce:fc:74:f9:1d:c5:bf:04:c8:19:
                    ec:04:9f:2d:e2:06:c9:1e:c8:65:6e:f3:a0:27:80:
                    82:30:85:64:e0:4f:4e:9b:5a:96:0d:f4:ca:dd:58:
                    84:e8:4e:e4:32:02:3a:5c:72:e9:e3:17:c9:b9:c4:
                    cf:03:b4:fa:e8:8c:83:65:fc:24:36:52:2d:01:97:
                    5d:52:1c:5a:d7:d4:c5:81:44:d9:5d:53:70:e0:42:
                    84:48:60:34:46:20:40:a7:b2:76:10:a8:b0:ad:08:
                    f5:66:e7:f1:ba:49:bf:7b:6d:9c:77:78:a2:75:73:
                    08:d7:52:8d:14:cf:2a:56:14:3c:8c:20:da:1f:84:
                    42:cf:92:c7:ab:27:44:7f:18:d9:83:a6:78:f1:8a:
                    3a:06:07:20:4a:03:eb:90:f7:f6:ff:cf:96:bc:e7:
                    9a:05:72:2a:89:83:61:1b:b3:f3:d3:c4:60:2e:b2:
                    7b:9a:ba:f7:ea:8c:06:e3:79:c8:04:30:a5:1e:e2:
                    49:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:90:C1:E9:0E:55:F9:53:05:27:38:5E:27:08:6A:B1:35:66:79:A3
            X509v3 Authority Key Identifier:
                keyid:E2:43:F3:BE:82:55:69:BB:16:AC:B3:74:BC:98:DA:BE:69:0B:17:C1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917E678/B897C582A19C11EB92A2DF29C4F9AE02/4kPzvoJVabsWrLN0vJjavmkLF8E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B4A1BEA61D6611E2B2CD8B7C72FD1FF2/4kPzvoJVabsWrLN0vJjavmkLF8E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917E678/B897C582A19C11EB92A2DF29C4F9AE02/5BE68D46CF7611ED85A2E84EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.1.192.0/18
                  189.28.96.0/19
                  190.92.248.0-190.92.254.255
                  201.77.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         35:48:8d:9f:35:72:08:f4:f2:f0:ea:45:90:52:af:8c:19:7d:
         4d:74:46:ee:63:ef:63:2f:e3:66:3d:46:81:e1:3a:0e:0f:98:
         7f:a0:3a:dc:a4:ba:11:18:ee:91:49:45:e0:4e:46:4a:73:3d:
         03:31:40:db:1c:f9:fb:25:1d:95:68:ab:bf:9d:d2:79:f3:13:
         72:cc:02:23:17:7d:70:18:da:b6:09:58:56:23:16:ba:e1:6c:
         a1:6e:3e:16:f5:9c:bd:49:ae:21:a1:1b:27:5e:d1:a4:45:40:
         63:23:f0:b9:8b:58:e1:2d:94:7e:53:b7:c3:f3:64:a4:71:f7:
         ec:c8:cb:35:43:7a:6d:d2:fc:05:49:af:78:8e:b7:ba:b4:78:
         0f:ff:cc:b4:44:e9:40:ab:62:72:89:18:11:49:11:a7:c8:77:
         94:be:30:6b:74:2c:d4:80:70:19:38:bd:87:fc:a5:b3:f3:cb:
         df:e7:00:2a:26:87:73:23:07:5d:9c:1e:c9:51:b4:4c:5f:6b:
         51:53:65:a0:41:61:30:c4:c3:34:3b:15:59:46:f2:36:ec:ee:
         aa:4f:4b:9c:95:b5:e7:74:fa:55:a9:07:fb:fb:48:cf:30:c2:
         2a:b5:8b:30:bc:c8:e1:d4:4f:0e:88:d4:3b:49:59:2b:7c:b4:
         bd:fd:d2:76
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICBYgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0U2NzgxMTAvBgNVBAUTKEUyNDNGM0JFODI1NTY5QkIxNkFDQjM3NEJDOThEQUJF
NjkwQjE3QzEwHhcNMjQwNDE4MDc1MTEzWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjIwZDBmMS01Y2U5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2ZTtL8whL8Q9bMoWPxhnkhkm62ajSPm6TL8XFRhg3UF4j+Ke/RMYiT8e+waF
ks9nDEGAwI9UP9GOzgwWTf9ryc78dPkdxb8EyBnsBJ8t4gbJHshlbvOgJ4CCMIVk
4E9Om1qWDfTK3ViE6E7kMgI6XHLp4xfJucTPA7T66IyDZfwkNlItAZddUhxa19TF
gUTZXVNw4EKESGA0RiBAp7J2EKiwrQj1Zufxukm/e22cd3iidXMI11KNFM8qVhQ8
jCDaH4RCz5LHqydEfxjZg6Z48Yo6BgcgSgPrkPf2/8+WvOeaBXIqiYNhG7Pz08Rg
LrJ7mrr36owG43nIBDClHuJJxwIDAQABo4ICrzCCAqswHQYDVR0OBBYEFBSQwekO
VflTBSc4XicIarE1ZnmjMB8GA1UdIwQYMBaAFOJD876CVWm7FqyzdLyY2r5pCxfB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RTY3OC9CODk3QzU4MkEx
OUMxMUVCOTJBMkRGMjlDNEY5QUUwMi80a1B6dm9KVmFic1dyTE4wdkpqYXZta0xG
OEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I0QTFCRUE2MUQ2NjExRTJCMkNEOEI3Qzcy
RkQxRkYyLzRrUHp2b0pWYWJzV3JMTjB2Smphdm1rTEY4RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0U2NzgvQjg5N0M1ODJBMTlDMTFFQjkyQTJERjI5QzRGOUFFMDIvNUJFNjhENDZD
Rjc2MTFFRDg1QTJFODRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAa9AcADBAW9HGAwDAMEA75c+AMEAL5c/gMEBMlNIDANBgkq
hkiG9w0BAQsFAAOCAQEANUiNnzVyCPTy8OpFkFKvjBl9TXRG7mPvYy/jZj1GgeE6
Dg+Yf6A63KS6ERjukUlF4E5GSnM9AzFA2xz5+yUdlWirv53SefMTcswCIxd9cBja
tglYViMWuuFsoW4+FvWcvUmuIaEbJ17RpEVAYyPwuYtY4S2UflO3w/NkpHH37MjL
NUN6bdL8BUmveI63urR4D//MtETpQKticokYEUkRp8h3lL4wa3Qs1IBwGTi9h/yl
s/PL3+cAKiaHcyMHXZweyVG0TF9rUVNloEFhMMTDNDsVWUbyNuzuqk9LnJW153T6
VakH+/tIzzDCKrWLMLzI4dRPDojUO0lZK3y0vf3Sdg==
-----END CERTIFICATE-----
Generated at Sat May 18 18:21:37 2024 by rpki-client on console-ams.rpki-client.org